Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw.

Privileged access management (PAM) solutions provider Delinea over the weekend scrambled to patch a critical vulnerability after it apparently ignored a researcher who attempted to responsibly disclose the issue for weeks.

On April 12, Delinea informed customers that it had started investigating a “security incident” and that there may be some service disruptions. 

The next day, the company clarified that it had become aware of a critical authentication bypass vulnerability in the Secret Server SOAP API. Delinea initially prevented exploitation by blocking the impacted SOAP endpoints for Secret Server Cloud customers. In addition, it released indicators of compromise (IoCs) to enable customers to detect potential exploitation attempts. 

Later in the day, Delinea announced that patches had been released for both Delinea Platform and Secret Server Cloud. On April 14, the company announced patches for Secret Server On-Premises.

Technical details of the vulnerability along with proof-of-concept (PoC) code were made public on April 12 in a Medium post by researcher Johnny Yu.

Yu said he had been trying to responsibly disclose his findings to Delinea since February 12, including through the CERT Coordination Center at Carnegie Mellon University, but without success. Based on Yu’s disclosure timeline, Delinea ignored nearly all communication attempts.

A CVE identifier has yet to be assigned.

SecurityWeek has reached out to Delinea for comment, but the company has not shared any clarifications on the botched disclosure process. 

“Delinea Platform and Secret Server Cloud have been updated, and we are working closely with on-premise customers with direct remediation steps. Our Engineering and Security teams have conducted reviews for any evidence of compromised tenant data,” Delinea said in an emailed statement. 

“At this time, we have found no evidence that any customer’s data has been compromised and no attempts to exploit the vulnerability have occurred on Delinea Platform and Secret Server Cloud. Our customer’s security is always a priority and we will continue to monitor this situation and provide updates to customers at trust.delinea.com,” it added.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.